Viewing all changes in revision 2429.
- Committer: Martin Pitt
- Date: 2015-09-21 08:21:19 UTC
- Revision ID: martin.pitt@canonical.com-20150921082119-9eo0hmwpix2i81jz
SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
symlink.
This prevents normal users from pre-creating a symlink to the predictable
.crash file, and thus triggering a "fill up disk" DoS attack when the
.crash report tries to include itself. Also clean up the code to make this
easier to read: Drop the "vmcore_root" alias, move the vmcore and
vmcore.log cleanup into the "no kdump" section, and replace the buggy
os.walk() loop with a glob to only catch direct timestamp subdirectories
of /var/crash/.
Thanks to halfdog for discovering this!
(CVE-2015-1338, part of LP #1492570)
symlink.
This prevents normal users from pre-creating a symlink to the predictable
.crash file, and thus triggering a "fill up disk" DoS attack when the
.crash report tries to include itself. Also clean up the code to make this
easier to read: Drop the "vmcore_root" alias, move the vmcore and
vmcore.log cleanup into the "no kdump" section, and replace the buggy
os.walk() loop with a glob to only catch direct timestamp subdirectories
of /var/crash/.
Thanks to halfdog for discovering this!
(CVE-2015-1338, part of LP #1492570)
- files modified:
- data/kernel_crashdump
expand all
collapse all
added
removed
